 MBSA says no SQL service accounts in local adm grp


aval
Starting Member

3 Posts

Posted - 2009-07-21 : 13:24:57
MBSA informs me that:

"SQL Server [and] SQL Server Agent [...] service accounts should not be members of the local administrators group."

I created an account for SQL at the time it was installed on this server, following the directions in "SQL Server 2000 DBA" by Tony Bain et al.

- It is a domain account.

- It is a member of the local admin group on the SQL server.


It is because on page 35 of the text cited above, I read that the account must have the following privileges:

- Member of the local Administrators group of the server on which you're installing SQL.

- Logon as service privilege.

- Act as part of the OS privilege.

- Replace a process level token privilege.

Yet, MBSA says it should not be a member of the Local Admins group?


This link is for SQL 2005

http://msdn.microsoft.com/en-us/library/ms191543(SQL.90).aspx

It leads me to believe that with the permissions mentioned, I could remove the service account from the local admins group?

But does it apply to SQL 2000?

How do you deal with this?
   
